Recently it has been reported that hacktivist group Anonymous intends to attack the 2014 FIFA World Cup, including its partners and sponsors. This threat has gained public attention after an interview with an Anonymous group spokesman provided select details about the planned operation.
The Radware Emergency Response Team (ERT) offers the following recommendations for organizations that are affiliated with the 2014 FIFA World Cup.
For more from the Radware ERT, please visit: http://security.radware.com/
Threat Alert: Anonymous Threat on 2014 FIFA World Cup
1. ERT Threat Alert- 2014 FIFA World Cup
Emergency Response Team
June 6th, 2014
THREAT DETAILS
Recently it has been reported in the news that hacktivist group Anonymous intends to attack the 2014 FIFA World
Cup including its partners and sponsors. The threat gained public attention after an interview with an Anonymous
group spokesman, referring to himself as Che Commondore, provided select details about the planned operation.
Che Commondore revealed the socio-political motivation for the attack stating, “In 2014 the world will live the
'Brazilian dream'. It's the country of the World Cup, & blessed for God and beautiful for nature. That it's a beauty!
But, what beauty? The World [of] Cup have implicit characters, but this the Government Brazilian choose to hide.
When you arrive in Brazil, you tourists, will be surprised by assaults with guns.”
According to Che Commondore, the group had already hacked into the Brazilian Foreign Ministry's database and
released sensitive email data based on the efforts of an individual called AnonManifest. AnonManifest also
promised upcoming denial-of-service attacks – Anonymous’ known weapon of choice. A Brazilian Foreign Ministry
official told Reuters on Friday that only 55 email accounts were hacked and the only documents that were
obtained were attached to emails from the ministry's internal document archive. What is very important to note
here, from a technical perspective, is that Anonymous performed a server cracking attack to reach the e-mail
servers, where they downloaded file attachments to create the first leak. This can subsequently be used to DDoS
and shut down accounts, and/or gain access from password hacking/server cracking attempts.
Although some information has been disclosed regarding the rationale behind the planned attack, more specific
details are less known. It seems Anonymous is learning from prior experiences and now chooses to hold its cards
close to the chest. What is clear is that the hacktivist group has once again chosen a target ripe for exploitation.
It is purported that as early as 2005 and 2007 Brazil fell prey to cyber-attacks resulting in major power outages.
Thus, another attack would not come unexpectedly. Fast forward to today, in which Brazil has been beset for months
by roiling protests over the games and their alleged drain on an already strained economy. It’s a perfect storm.
Anonymous is likely betting on that backdrop to boost support and gain advocates to help them carry out their
cyber exploit.
The FIFA World Cup, as well as the Olympics, are such high-profile sporting events that they are now starting to draw
malicious cyber attention. Radware’s ERT has been involved in similar threats dating back to the 2010 Vancouver
Winter Olympics, the 2012 London Summer Olympics and the 2014 Sochi Winter Olympics. Per a previous US-CERT
Security 2014 Olympic Games advisory, the targets were similar to the recent threat. According to the Sochi
advisory “Anonymous Caucasus, has launched what appears to be a threat against any company that finances or
supports the winter games.” This group has been known in the past to launch DDoS attacks. Radware’s ERT reports
that the attempts to attack the Sochi Olympics started long in advance of the games on the Olympic committee’s
web site and resources.
In summary, Radware’s ERT sees this as evidence of a growing trend whereby high-profile sporting events are the
newest ‘hot’ target for cyber maliciousness and attack. The ERT additionally cautions that this could extend to
streaming providers and other major entertainment outlets (physical and digital) that will be known to promote
such events, including cloud or infrastructure-as-a-service (IaaS) providers on which some of the current targets
rely.
Contained in the next section of this alert are general guidelines for preparation and response for potential targets
of this threat.
TARGETS
The following are the partners, sponsors and supporters, as stated on the FIFA World Cup site, which are considered
under threat. It is possible that more organizations will be added when the attack nears launch.
INSTRUCTIONS FOR ORGANIZATIONS
Radware’s ERT offers the following recommendations for organizations that appear in the above list or are
affiliated with the 2014 FIFA World Cup.
INSTRUCTIONS BEFORE THE ATTACK
- Harden security systems as much as possible, especially DoS protection, anti-scanning, and all intrusion
  protection methods.
- Make sure that all security systems will not fail-open under DoS/DDoS attack. Attackers today are known
  to use DoS/DDoS to overwhelm security devices first, and then carry out other types of attacks.
- Closely monitor for any new alert and investigate each one carefully. As admitted by Anonymous, they do
  test their attack vectors in advance, and this should be used to understand their planned techniques and
  prepare accordingly.
INSTRUCTIONS DURING THE ATTACK
- Carefully monitor all security systems, service performance and internet pipe utilization to detect the
  attack as early as possible.
- During DoS attacks, continue to carefully monitor for all other attacks. Attackers today are known to use
  DoS/DDoS as a smoke screen.
- Monitor for site defacement.
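One way to act on the smoke-screen warning above, as an added example that is not part of the Radware alert: it finds flood windows in per-minute request counts and surfaces the non-DoS alerts raised in and around them, so they are not buried under flood alerts. The event format, sensor names, baseline rate and all sample data are constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sample data: per-minute inbound request counts at the edge.
TRAFFIC = [
    ("2014-06-12T14:00", 1200), ("2014-06-12T14:01", 1150),
    ("2014-06-12T14:02", 9800), ("2014-06-12T14:03", 11200),
    ("2014-06-12T14:04", 10400), ("2014-06-12T14:05", 1300),
]
# Constructed sample alerts from the other security systems (IPS, WAF, auth).
ALERTS = [
    ("2014-06-12T14:00:40", "ips", "port-scan"),
    ("2014-06-12T14:02:10", "dos", "http-flood"),
    ("2014-06-12T14:03:25", "auth", "mail-login-bruteforce"),
    ("2014-06-12T14:03:50", "dos", "http-flood"),
    ("2014-06-12T14:04:05", "waf", "sql-injection"),
    ("2014-06-12T14:05:30", "ips", "port-scan"),
]

def flood_windows(traffic, baseline, factor=3.0):
    """Merge contiguous minutes whose rate exceeds factor x the peacetime baseline."""
    windows = []
    for stamp, rate in traffic:
        if rate <= baseline * factor:
            continue
        start = datetime.fromisoformat(stamp)
        end = start + timedelta(minutes=1)
        if windows and windows[-1][1] == start:  # extend the open window
            windows[-1] = (windows[-1][0], end)
        else:
            windows.append((start, end))
    return windows

def masked_alerts(alerts, windows, pad=timedelta(minutes=1)):
    """Return non-DoS alerts raised during a flood window, padded on both sides."""
    hits = []
    for stamp, sensor, name in alerts:
        when = datetime.fromisoformat(stamp)
        in_flood = any(s - pad <= when < e + pad for s, e in windows)
        if in_flood and sensor != "dos":
            hits.append((stamp, sensor, name))
    return hits

if __name__ == "__main__":
    # baseline=1200 is an assumed rate measured before the event
    spans = flood_windows(TRAFFIC, baseline=1200)
    for stamp, sensor, name in masked_alerts(ALERTS, spans):
        print(f"REVIEW FIRST  {stamp}  {sensor:<5} {name}")
```

The baseline has to be measured before the event, which is one reason the pre-attack monitoring recommended earlier matters.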
INSTRUCTIONS FOR RADWARE AMS CUSTOMERS
- Radware customers that appear in the above list or are affiliated with the 2014 FIFA World Cup should
  contact the ERT (by contacting Radware Technical Support) for assistance with attack preparedness.
- Radware customers under attack should contact the ERT immediately via phone to Radware Technical
  Support to gain immediate service.